Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Server
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Via
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
WPE-Backend
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Device
Server-Timing
Allow
X-Rq
X-Ac
X-Node
X-Host
X-Server-Id
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-CST
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
Request-Id
X-Origin-Cache
X-Readtime
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-DataDome
X-Vhost
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Pinterest-Generated-By
X-DynaTrace
X-Cdn
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Type
X-Px
X-Goog-Hash
X-HW
Accept-CH
X-Dispatcher
Verso
X-ORACLE-DMS-RID
X-Server-Name
MS-Author-Via
X-VARITI-CCR
AR-CACHE
AR-PoweredBy
AR-ATIME
X-ESI
PB-RID
Arc-Version
PB-PID
X-Mobile-Rewrite
X-GitHub-Request-Id
X-MS-InvokeApp
X-DataStream-Cache-Status
X-Kinja-Revision
X-Cdn-Fetch
X-Use-Magma
X-Kinja
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Server
X-Exp-Variant
X-Upstream-Env
Public-Key-Pins
X-Powered-By-Plesk
X-Cached
Content-MD5
X-Version
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-Recruiting
X-D2id
X-Amz-Server-Side-Encryption
RTSS
Charset
X-Navigation-Version
X-Abt-Application-Version
X-TTL
X-Vname
X-PC
X-TtlSet
X-Ser
X-Vcap-Request-Id
X-Varnish-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Ar-Sid
X-Forwarded-Proto
X-Client-IP
X-Trace
Nginx-Cache
SPRequestGuid
X-DynaTrace-JS-Agent
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Expires
X-Server-ID
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
DynaTrace
X-Goog-Generation
X-VCache
X-Amz-Rid
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
S
X-XRDS-Location
X-Hits
X-Debug
TCN
X-SharePointHealthScore
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Akam-SW-Version
X-Dw-Request-Base-Id
X-Shield-Request-Id
Arr-Disable-Session-Affinity
X-Powered-CMS
X-Oracle-Dms-Rid
SPRequestDuration
SPIisLatency
X-FTR-Cache-Host
Access-Control-Request-Method
X-T
X-Goog-Storage-Class
X-Id
X-Webkit-CSP
X-Ttl
X-Aspnet-Version
Realpath
Tracecode
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
X-NF-Request-ID
X-Amzn-Trace-Id
Front-End-Https
X-Varnish-Age
X-N
Fastcgi-Cache
X-Content-Type
X-Upstream
X-Forwarded-For
X-B3-TraceId
Paypal-Debug-Id
X-Mrf-Section-Lastmod
X-B3-Traceid
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
Alternate-Protocol
X-Fastcgi-Cache
X-Frontend
X-Logged-In
X-PressLabs-Stats
X-Content-Digest
X-HS-Content-Id
X-HS-Hub-Id
Display
Response
X-Middleton-Response
X-Middleton-Display
X-Sol
X-Pad
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
X-RateLimit-Remaining
X-Litespeed-Cache
X-Hostname
AMP-Access-Control-Allow-Source-Origin
X-Srv
X-Cache-Key
X-Accel-Expires
X-DataStream-Origin-MEX-Latency
Host
X-DataStream-MidMile-RTT
X-Grace
ServerID
MicrosoftSharePointTeamServices
Backend-Timing
X-Correlation-Id
X-Analytics
Server-Name
X-Kinsta-Cache
X-B3-Sampled
Surrogate-Key
X-Debug-Info
X-LB-Cache
X-User-Agent
X-IPLB-Instance
X-Rid
X-Revision
X-Az
X-Activity-Id
X-Amzn-RequestId
X-AppVersion
X-Amz-Apigw-Id
X-Cache-Hit
X-Content-Options
Accept-Charset
FilterID
X-Cache-2
Refresh
Powered-By-ChinaCache
X-CF-Powered-By
X-B
X-Request-Received
X-Request-Processing-Time
TP-L2-Cache
TP-Cache
X-Page-Id
MS-CV
X-Whom
Server-Info
X-DIS-Request-ID
Host-Header
X-Cached-By
X-Ruxit-Js-Agent
Source
X-Amz-Replication-Status
X-Akamai-Edgescape
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-App-Environment
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
X-PHP-Backend
X-Cache-Action
Cache-Status
X-Origin-Server
X-Cluster
X-F-Cache
X-Tumblr-Pixel-0
X-Tumblr-User
X-GUploader-UploadID
PageSpeed
X-Tumblr-Pixel
X-TT
X-Mobile
X-Platform-Server
X-Accel-Buffering
Access-Control-Allow-Method
X-FW-Serve
X-Content-Powered-By
X-FW-Type
X-Varnish-Grace
X-FW-Server
X-FW-Static
X-FW-Hash
X-Framework
X-Instance
X-Drupal-Cache-Tags
X-Forwarded-Host
X-FB-Debug
X-Request-Guid
X-UA-Device-Type
X-Ezoic-Cdn
X-Node-Name
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Geo-Country
X-Shard
Edge-Cache-Tag
X-TA-CDN-Provider
X-FastCGI-Cache
X-RateLimit-Limit
X-Zen-Fury
Fastly-Restarts
X-Handled-By
X-Varnish-Hostname
From-Origin
X-Magnolia-Registration
X-SS-Set-Cookie
X-Cache-TTL
Cache-Tags
X-Cache-Age
X-AOL-HN
X-BCube-Filmed-By
X-ATG-Version
X-Cache-Control
X-Cache-Rule
Healthy
Upgrade-Insecure-Requests
X-Varnish-Server
Cleartype
Retry-After
Payment
X-App-Server
Server-Node
DC
X-Response-Served-From
X-RequestSource
X-TX-ID
Country
X-B-Cache
X-Signature
X-Adobe-Content
X-Storage
X-Adobe-Loc
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Powered
X-FW-Dynamic
Filters
X-TT-TIMESTAMP
X-VG-WebCache
Actual-Object-TTL
X-Dns-Prefetch-Control
X-GeoIP
X-Redis-Cache
X-UUID
X-Region
Cache-Tv-Group
X-Drupal-Cache-Contexts
X-RTag
Ms-Operation-Id
X-Jobs
X-Cacheable-TTL
X-XRDS-LOCATION
X-Generated-By
X-Varnish-Hits
X-Content-Age
X-Locale
Frame-Options
X-WA-Info
GEO-INFO
Webserver
NGB
X-Esi
ServedBy
CACHE
X-Oneagent-Js-Injection
X-Contextid
X-Yottaa-Optimizations
X-Yottaa-Metrics
Liferay-Portal
X-Cache-NE
HitType
X-Rendered-As
X-RemovedCookies
X-ProcessESI
X-BACKEND-TTL
Eomportal-Instance
X-Cache-Operation
X-Varnish-IP
X-Cache-TTL-Remaining
X-NWS-LOG-UUID
X-Guploader-Uploadid
X-Via-JSL
X-Upgrade-Enabled
X-Time
X-Mode
Viewport
S-Cnection
X-Real-IP
X-Seen-By
Xserver
X-Varnish-Cache-Hits
X-Cache-Var-Map
X-Path-Route
X-Proto
X-Proxied
X-RN-RSRV
X-ES-SERVER
X-Is-Bot
LB
X-Akamai-Transformed
X-From
X-Hl-Ver
X-Device-Type
OT-Force-Account-Verify
X-Zipkin-Id
X-Cache-Var
X-Cache-Enabled
Mn-Server-Ip
X-Detected-As
Load-Balancing
Cache-Hits
Cache-Key
X-Routing-Service
Meta-Geo
Machine
NtCoent-Length
X-S
Vix-Hermes-Req-Id
TWC-Privacy
We-Hiring
Webcakes-App-Name
Webcakes-App-Version
TWC-Locale-Group
Webcakes-Region
TWC-GeoIP-Country
L5d-Success-Class
X-Cache-Server
Access-Control-Request-Headers
Mail-Subject
NGX
TWC-Device-Class
TWC-Connection-Speed
Property-Id
X-AWS-Id
X-Cache-Config
X-VWS-Id
X-Rocket-Nginx-Bypass
X-Proxy
X-Tb
X-Time-Microsecs
X-VG-TLSProxy
X-Viewer-Country
X-Origin-Hint
X-NCache
X-FC-Vary-Parameters
X-FB-TRIP-ID
X-Environment-Context
X-FW-Version
X-Hosted-By
X-LJ-Flow-ID
X-L-Path
X-Backend-Name
TWC-GeoIP-LatLong
X-Cache-Remote
Azure-InstanceId
Azure-RegionName
X-MP-GENERATED-AT
X-R9-Blue-Green-Version
X-RCS-CacheZone
Azure-SiteName
X-Loop
Azure-Version
DB-Nickname
X-Akamai-Request-ID
X-EIG-Tracking-Id
X-Web-Node
X-Debug-Cache
X-Origin-Response-Time
Azure-SlotName
X-Labrador-Cache-Channel
X-TNCMS
Now
X-Tumblr-Pixel-3
S-Rt
X-Access
X-Format
X-ServerID
X-Section
Origin-Cache-Control
Origin-Edge-Control
X-Via-CDN
X-PCL
X-Xfnlog-Site
X-IP
X-JoinUs
X-OCL
Selected-FE
Cache-Tag
X-CCM
X-BYPASS-REASON
X-Trace-Id
X-Via-Fastly
X-Vgn-Hpd-Reason
Datacenter
X-Timing-Wait
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy-Build
X-Internal-Host
Content-Style-Type
X-Human
X-Cache-Category-Id
Content-Script-Type
X-Grey
X-Generated
Uber-Trace-Id
X-Www-Served-By
X-VC-Cache
X-Endurance-Cache-Level
X-UnsetCookies
X-Dynatrace-Js-Agent
X-Site-Version
X-Varnish-Cacheable
Decoy-Debug-Status
Served-By
X-Status
X-Rule
Decoy-Debug-TTL
Decoy-Debug-Key
X-Birta-Served
X-Birta-Cache-Post
Release
X-UA
X-EdgeConnect-Cache-Status
X-APP-VERSION
X-Newrelic-App-Data
Nel
X-CDN-Cache
X-B3-Spanid
X-GRACE
X-Request-Time
X-TIME
DSUID
X-Ua
AsisCache
X-OVcl-Cache
X-OVcl
X-Cluster-Node
X-Nginx-Cache
X-App-Name
Rt-Fastcgi-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Origin
X-Hit
X-ApacheServer
X-VCT
X-PERF
X-Source
X-NewRelic-App-Data
X-Origin-Host
SRV
X-Sucuri-ID
X-Agile
X-Agile-Id
X-Agile-Age
Cache
X-Wix-Request-Id
ViewerVersion
Hostname
Cache-Name
Cteonnt-Length
X-Pubstack
AR-SID
X-Origin-TTL
X-Wix-Server-Artifact-Id
X-Cache-Host
X-Origin-CC
X-ElasticPress-Search
X-SERVER
BehaviorPad-Version
Cache-Prefix
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Request-Country
Thinkindot-Control
Server-Surrogate-Control
Server-Host
Server-Cache-Control
Cross-Origin-Window-Policy
Request-Time
Request-EU
Fly-Cache
MD5-Digest
FNAC-ModuleRouting
X-B-Cookie
Memcached
X-ARC
X-Application
X-A-Wwc
Lfy
X-Accel-Expires-Debug
X-Aed
Fly-Request-Id
Meta-Geo-Continent
X-A-Ccd
Origin
X-A
Rendered-Blocks
X-A-Dam
On-Server
X-A-Dgt
Node
Ec-Rule-Version
X-A-Dcw
UCS
X-D
X-Request-UUID
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-ScT
X-S-Cookie
X-Refresh
X-Reboot
X-NU-AKA-ACS-Version
X-NodeID
X-NX-Host
X-PAYTM-SRV-ID
X-Processor
X-Platform
X-Secret
X-Sedo-Request-Id
X-Var-Ttl
X-Up
X-Varnish-Authentication
X-VG-WebServer
Xc-Version
X-Webstats-RespID
X-Twitter-Response-Tags
X-Trv-Group
X-ServiceProvider
X-Server-Group
X-SRCache-Key
X-Thinkindot-L3
X-Transaction
X-Mobile-URL
X-Matched-Rule
Arc-Country
X-Core-Value
X-Date
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Connection-Hash
X-CF-Lambda-Version
X-Cache-Grace
X-Cache-Expires
X-Cache-Info
X-Cache-Miss-From
X-CF-Lambda-Fn
X-Debug-Cookies
X-Debug-Log
X-Hp-Webp
X-Generated-In
X-IN-APIGATEWAY
X-IN-WAF
X-Logtrace-Id
X-Instart-Isnd
X-Gannett-Site-Version
X-G
X-Developer
X-Destination
X-DPWN-IS-SECURE
X-External-Request-Id
X-F5-Cache
X-Cache-ASPX
Www
Ajk
X-Varnish-Ttl
X-WPE-Loopback-Upstream-Addr
User-Cache-Control
X-Crawler
X-Developers
X-Gen-Mode
X-CGP
X-Cdn-Srv
X-Device-Os
X-Dispatcher-Server
X-Epic-Correlation-Id
X-Eu-Site
X-Distributor
X-Cache-Id
X-Distil-CS
X-Fetched-On
X-Hash
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Content-Length
Web-Mar-Node
V-Age
Server-Int
True-Client-Country-4JS
X-Amzn-Remapped-Date
X-Apm-App-Name
X-Cache-Bucket
RNT-Time
X-Cache-Backend
X-Block-Status
X-Apm-Inst-Hash
X-Apm-Svc-Key
X-Cache-Debug
X-Info
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Policy
X-RateLimit-Limit-Second
X-Servername
X-Sf
X-Server-Time
X-Sn-Servicetimems
X-Cdn-Origin
X-Real-Ip
X-SIPLIST1
X-SN
X-PHP-Host
X-Page-Type
X-Li-Fabric
X-Li-Pop
X-LAGOON
X-Key
RNT-Machine
X-Irp-Debug
X-LI-Proto
X-LI-UUID
X-Origin-Date
X-Origin-Expires
Apple-News-Services-Parsed-Url
X-Nginx-Cache-Key
X-Location
X-Micro-Cache
X-Hnp-Log
Warning
Ha-Gx-Prefs
HA-Ipaddr
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Gh-Request-Id
CDCHOST
Fastly-SIE
Pagetype
Country-Code
Fastly-SWR
Apple-News-Services-Handled
Cache-Cookie-Set-Lfrom
Apple-News-Services-Request-Url
IsBot
Backend
Apple-News-Services-Host
X-Geo
X-App-Version
X-FireWall-Port
Pagespeed
Is-Eu
X-Planisys-CDN-Cache
X-No-Session
Fastly-SSL
X-Exp-Se
X-BBXSRF
Fastly-Soc-X-Request-Id
X-Bip
X-Generated-On
X-MSEdge-Flight
X-C
Adler-Geo
X-MSEdge-Features
X-Gateway-Cache-Key
X-Fastly-Cache
X-GeoIP-Country-Code
X-GeoIP-City
X-Cms-Context
X-Backend-Url
X-Gateway-Cache-Status
X-Geo-Header
X-Core-Mission
X-Gateway-Skip-Cache
X-Level-Front-Cache
X-Cache-FS-Status
X-Planisys-CDN-TTL
X-Thanos
X-User
X-Variation
X-Swa-Ws
X-Sorting-Hat-ShopId
X-Skip-Cache
X-Sorting-Hat-PodId
X-Via-Edge
X-Via-SSL
SD-X-WS
X-ND-Cache
Rt-Proxy-Cache
X-Wikidot-Static-Cache
X-Wikidot-Backend
ServerName
X-Shopify-Stage
X-ShopId
Platform
X-Protected-By
X-Qloud-Router
Kp-EeAlive
X-Planisys-CDN-Rules
X-Backend-Host
X-Auto-Login
Pramga
Proxy-Connection
AKAMAI
X-ShardId
X-S-Maxage
X-Alternate-Cache-Key
Content-Disposition
X-Amz-Meta-Cache-Control
X-Backend-State
X-GZip
X-Owner
X-Org
Heartbleed
X-BB-ID
X-Served-From
REQUESTUUID
HTTPS
X-RateLimit-Reset
X-Varnish-Beresp-Status
X-Ocache
X-Varnish-Beresp-Grace
X-Server-IP
X-Edge-Location
MIME-Version
X-B3-Parentspanid
Server-ID
X-Sucuri-Cache
X-TT-LOGID
X-Proxy-Cache-Status
X-NC
X-TrackingId
X-Proxy-Upstream
X-Cdn-Forward
User-Agent
X-Git-Hash
X-CDN-Forward
N-Cache
X-FPC
X-Edge-IP
Magicmarker
X-Varnish-Url
Fastly-Backend-Name
X-Host-Name
Wxu-Next-Commit
Wxu-Next-Hostname
Viewtype
Wxu-Next-Region
VivaBuild
X-Load-Cache
X-Gdpr
X-Aicache-OS
X-Node-Id
X-Daa-Tunnel
X-Varnish-Beresp-Ttl
X-CSRF-TOKEN
X-DC
X-Pjax-Url
HostName
X-Dc
X-Parent-Response-Time
CF-IPCountry
X-Release
Powered-By
Memory
X-CUA
Time
X-Nc
PICS-Label
X-TH-Server
X-Servedbyhost
Resin-Trace
X-CACHE-KEY
X-WebServer
X-HS-Cache-Config
Pragrma
X-Wa
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Phone
X-Passed-To-PostProcessResponse
X-Returned-From
X-Actual-URL
X-Server-By
X-Passed-To
X-Stale
X-Oss-Object-Type
X-Returned-From-DLL
X-Upstream-CT
X-Returned-From-PostProcessResponse
X-Upstream-HT
Host-ID
X-Svr
X-Returned-From-BeforeDispatch
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Original-Request
Section-Io-Cache
X-VServer
X-Instart-Info
X-Croise-Owner
X-Newrelic-Synthetics
Mime-Version
Backend-Name
ProcessTime
X-From-Cache
Cdn-Host
X-Edge-Server
Cdn-Request-Time
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-HT
X-Varnish-Beresp-TTL
X-Optimization
X-Worker
X-Lb-Id
Cf-Ipcountry
CF-Cached-On
352pxline
355prline
X-Server-W
286prxHost
Xxline
409pxxline
188prxHost
225prxHost
178proxuri
X-APP
Cdn
SID
189phosttRef
X-Request-Handler-Origin-Region
X-Microsite
219prxHost
Version
X-Atg-Version
X-Unique-ID
X-Fastly-Backend-Reqs
XServer
X-Req
X-Datadome
X-Microcachable
X-SERVER-NAME
Processtime
X-Zone
X-Akamai-Request-ID2
X-ID
X-LB-ID
Proxy-Firewall
X-Ratelimit-Remaining
Accept-Language
X-Ratelimit-Limit
X-V
X-B3-SpanId
X-Vcl-Version
X-VCL-Version
Esi-Enabled
Odigeo-Trace-Id
X-CLOUD-TRACE-CONTEXT
Fastcgi-Useragent
X-CACHE-AGE
X-Contensis-Viewer-Groups
GeoIP-Country-Code
X-HTML-Minification-Powered-By
GeoIP-Latitude
X-UPSTREAM-Address
X-AssetVersion
GeoIP-City
X-IPS-LoggedIn
SN
X-NGINX-Cache
X-Fstrz
X-Check-Cacheable
X-Vcache
X-Backend-TTL
X-WR-MODIFICATION
X-WA
X-HS-Status
Pics-Label
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Nananana
X-URL
X-Response-By
X-RequestId
X-Ratelimit-Reset
X-ZONE
X-ServedByHost
X-Urbn-Context-Path
X-Be
X-Urbn-Site-Id
GMS-Ver
X-Reqid
X-Via-NSCOPI
Locale
X-CSRF-Token
DataCenter
X-Cache-Ttl
X-Hyper-Cache
X-Hello
GeoIp-Country-Code
X-ABtesting
Geoip-Latitude
X-NWS-UUID-VERIFY
X-Flog
X-Dynatrace
CDN
IBM-Web2-Location
Geoip-City
X-Via-Ucdn
Dnion-Transfer-Encoding
X-Request-Start
Fastcgi-X-Cache-Version
Public-Key-Pins-Report-Only
X-Render-Time
X-Fastly-Country-Code
X-Cdn-Cache
WP-Super-Cache
X-GDPR
X-Amz-Meta-Surrogate-Control
WebServer
GW-Server
X-PJAX-URL
WZWS-RAY
X-LiteSpeed-Cache-Control
Requestid
X-CS
X-Generation-Time
X-Unique-Id
X-NGENIX-Cache
URI
X-We-Are-Hiring
X-UE-Client-Country
X-Cluster-Name
X-Clientip
Mobile-Detection-Method
Lb
Countrycode
X-SRV
FastCGI-Cache
Amp-Access-Control-Allow-Source-Origin
X-HostName
X-FORWARDED-FOR
Dynatrace
X-Fpc
SS
X-BE
Cneonction
X-GEO
Serverid
X-HS-Combine-CSS
X-Cache-URL
X-Compress-Hint
X-Pf-Uncompressing
X-Gen-Id
Ohc-File-Size
Who
X-Got-Non-Ke-Cookie
X-Varnish-Action
X-Store
X-Test
X-Bug-Bounty
X-LiteSpeed-Tag
A
GEO-REGION-INFO
Server-Id
X-Akamai-SSL-Client-Sid
Epwk-Cache
X-Html-Edge-Cache
Https
X-HTML-Edge-Cache
FSS-Proxy
X-ServerName
Frontcache
NnCoection
RequestUuid
FSS-Cache
X-Cdn-Request-ID
X-EC-Lua
X-Fastly-Cache-Hits
X-Serial
X-PF-Uncompressing
X-GZIP
X-Request-Url
X-Dw-Trace-Id